I searched for a proper configuration of an L2TP/IPsec MikroTik client but didn’t find an answer.
There we go: I have a MikroTik L2TP/IPsec server with some RB750GL acting as clients.
VPNs are up and running and I followed many tutorials to configure IPSec. I get no errors, but today I saw a particular checkbox on the L2TP client: USE IPSEC.
Policy peers and everything seem to work properly but I have a doubt now: if I don’t check this, will my VPN work as a normal L2TP without IPSec? I have checked Use IPSec on the server side but didn’t see there was something similar on the client. Without checking it the VPN is not using IPSec (by the way, in the log I see server and clients are exchanging IPsec packets).
“Use IPsec” seems to be a new function that enables you to use L2TP/IPsec without manually configuring the IPsec policy and peer for the underlying IPsec connection. Also check here: http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP (last section L2TP/IPsec setup, same seems to be true for the client side). So if you use manually configured policies and peers (for example to set a higher level of encryption), then you do not need to check “Use IPSec”.
You should be able to see the encryption status of your L2TP connection in the PPP window in Winbox. Switch to Detail Mode and you should see the details including the encoding of the underlying IPsec connection.
I will surely check in Detail Mode.
When I check the “Use IPSec” box some dynamic policies appear so, as you say, it seems to create a dynamic IPSec configuration.
Thank you for your help, I thought that keeping that option unchecked would invalidate the whole encryption.
I was not able to set up an L2TP/IPsec tunnel between 2 MT routers.
IPsec is enabled on the server side, but regardless of the settings on the client, both (client and server) report having MPPE encryption instead of IPsec.
When I connect with an iPhone the server reports AES encryption as selected in the IPSEC policies.
Do you have a manual on how to set up the client side on a MT router?
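
The check suggested in the thread (reading the encoding shown for each PPP session) can be automated; the following is an added example, not part of the original thread, that flags L2TP sessions whose encoding is MPPE or empty rather than IPsec. The sample printout, its record layout and the encoding strings are constructed assumptions, and `parse_sessions`, `classify` and `audit` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample of "/ppp active print detail" output. The record layout
# and encoding strings are assumptions for illustration, not a real capture.
SAMPLE = '''\
Flags: R - radius
 0   name="branch1" service=l2tp caller-id="198.51.100.10"
     address=10.10.0.2 uptime=3h12m encoding="MPPE128 stateless"
 1   name="iphone" service=l2tp caller-id="198.51.100.77"
     address=10.10.0.3 uptime=12m4s encoding="cbc(aes) + hmac(sha1)"
 2 R name="branch2" service=l2tp caller-id="198.51.100.20"
     address=10.10.0.4 uptime=1d2h encoding=""
'''

# A record starts with its index, optional flag letters, then key=value fields.
RECORD_START = re.compile(r"^\s*\d+\s+(?:[A-Z]+\s+)?(?=[a-z-]+=)")

def parse_sessions(text):
    """Split the printout into one dict of key=value fields per session."""
    sessions = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Flags:"):
            continue
        start = RECORD_START.match(line)
        if start:
            sessions.append({})
            line = line[start.end():]
        elif not sessions:
            continue  # stray text before the first record
        for token in shlex.split(line):  # shlex keeps quoted values whole
            key, sep, value = token.partition("=")
            if sep:
                sessions[-1][key] = value
    return sessions

def classify(encoding):
    """Map the encoding field to 'mppe', 'ipsec', 'none' or 'unknown'."""
    enc = encoding.lower()
    if "mppe" in enc:
        return "mppe"  # PPP-level encryption only, no IPsec underneath
    if re.search(r"\b(aes|3des|camellia)\b|hmac", enc):
        return "ipsec"
    return "unknown" if enc else "none"

def audit(text):
    """Return (name, caller-id, verdict) for L2TP sessions not under IPsec."""
    rows = [(s.get("name"), s.get("caller-id"), classify(s.get("encoding", "")))
            for s in parse_sessions(text) if s.get("service") == "l2tp"]
    return [r for r in rows if r[2] != "ipsec"]
```

Calling `audit(SAMPLE)` lists the sessions that fell back to MPPE or carry no encryption, which is the symptom described in the last post.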